smokeloader | 21d82dc770edea8c99aeef084250b5f8cfa5524dfb9027569ca0d126c13ea18c | Triage

Sharing

General

Target

bd0be3e310836c6be38fce6f81e11658_JaffaCakes118
Size

130KB
Sample

240823-y92qksvcjc
MD5

bd0be3e310836c6be38fce6f81e11658
SHA1

6cc9641df33cf277101e62b0050f6d6c1a1326f9
SHA256

21d82dc770edea8c99aeef084250b5f8cfa5524dfb9027569ca0d126c13ea18c
SHA512

bb4ebba37bb80e82ab3b79c290e0b709a826906fa2e3b5a7ba0a07a40ae6effe53ba7348be2a1aec61cf5d621d64af1cc2a21488d5be645e87413338852eebd7
SSDEEP

1536:Kpjo0c6ivIXuCcpuuohgwKGl9GYS60MAfzowWvbgTghNFqcY7LMt8bYA/5xqnnDB:KpMbIXS303bGY//tnYfuHxfiiPIE

Score

10^/10

smokeloader ku11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

ku11

Targets

- Target
  
  bd0be3e310836c6be38fce6f81e11658_JaffaCakes118
- Size
  
  130KB
- MD5
  
  bd0be3e310836c6be38fce6f81e11658
- SHA1
  
  6cc9641df33cf277101e62b0050f6d6c1a1326f9
- SHA256
  
  21d82dc770edea8c99aeef084250b5f8cfa5524dfb9027569ca0d126c13ea18c
- SHA512
  
  bb4ebba37bb80e82ab3b79c290e0b709a826906fa2e3b5a7ba0a07a40ae6effe53ba7348be2a1aec61cf5d621d64af1cc2a21488d5be645e87413338852eebd7
- SSDEEP
  
  1536:Kpjo0c6ivIXuCcpuuohgwKGl9GYS60MAfzowWvbgTghNFqcY7LMt8bYA/5xqnnDB:KpMbIXS303bGY//tnYfuHxfiiPIE
Score

10^/10

smokeloader ku11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderku11backdoordiscoverytrojan

behavioral2

smokeloaderku11backdoordiscoverytrojan